Authenticated Command Injection Vulnerability in AOS-CX Command Line Interface
CVE-2023-3718

8.8HIGH

Key Information:

Vendor
HP
Vendor
CVE Published:
1 August 2023

Summary

An authenticated command injection vulnerability in the AOS-CX command line interface enables attackers to execute arbitrary commands with privileged access on the operating system of the affected network switches. Exploiting this vulnerability could lead to full compromise of the device, impacting its security and integrity. Users of AOS-CX are advised to apply the latest security patches to mitigate this risk effectively.

Affected Version(s)

Aruba CX Switches AOS-CX AOS-CX 10.11.xxxx: 10.11.1010 and below

Aruba CX Switches AOS-CX AOS-CX 10.10.xxxx: 10.10.1050 and below

References

CVSS V3.1

Score:
8.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Nick Starke of Aruba Threat Labs
.